2FA with one mobile but several accounts
Hi there,
I'm a freelance developer, and am testing Teams for a very specific case: separate (and isolated) vaults on various machines.
My goal was to have a master account on my main machine, where I would create one vault for each of my clients projects.
This project-based vault would then be shared with a guest account, which I would use for this project on development machines (e.g. isolated virtual machines).
In doing so, then only project-specific vaults would be accessible from a dev machine, thus highly increasing security.
I wanted then to add 2FA per account (the master account, and the guests).
Once again, please keep in mind I would be the sole user, master account as guest accounts.
So when setting-up 2FA in Authenticator, it appears I can only have 1 account on the App, so I cannot use the same smartphone for accessing the various accounts (master and guests).
Any idea?
(other than purchasing additional smartphones ;-)
Please note using guest accounts or additional team members accounts does not change the problem, as it is related to the number of different 2FA in Authenticator.
I could use two Apps (Authy in parallel to Authenticator), but it would then restrict me to 2 2FA-protected accounts, right?
I could move to a Business Account, then I would have one 2FA for my private account (which I would use as a guest account), and another one for my business account (which I would use as the master account).
But that would restrict me to only 2 2FA-protected accounts.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @ProtoW
Because 1Password's security is based on encryption, rather than traditional authentication, 2FA plays a different role than is often the case. Please see, e.g. these threads:
Considering the environment you'll be using these accounts in, and the role of 2FA with 1Password accounts, I'm not sure the additional effort required here would be worthwhile. Obviously that is subject to your determination, but I wanted to point that out in case you were not aware. It is substantially different than the role of 2FA with most other services.
If you do decide you'd like to use 2FA (TOTP) for each of these accounts, then there are certainly apps out there that can generate TOTP codes for multiple accounts (1Password itself being one of them). I'm not sure which app specifically you're referring to as
Authenticator, but if it has such a limitation it may not be the ideal app to use for this case. You might consider using 1Password itself, with Login items stored in the master account, to protect the guest accounts, for example.Ben
0 -
Hey @Ben thank you for the (very) prompt reply!
I know how 2FA works as per 1Password, and indeed need to get 2FA for dev machines in addition to encryption. It's related to the type of projects I'm working on, so I won't elaborate.
Authenticator is the recommendation from 1Password pages, but I'll test other 2FA apps.
As per using 1Password itself, it did not work well on some services, so it's true I passed on it, but will try also.
Thanks once again!0
